How to Install Nginx on openSUSE Leap 15

NGINX is an open-source, free HTTP server software. In addition to its HTTP server capabilities, NGINX can also function as a proxy server for e-mail (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers.

The goal behind NGINX was to create the fastest web server around, and maintaining that excellence is still a central goal of the Nginx project. NGINX consistently beats Apache and other servers in benchmarks measuring web server performance and is now the most popular used web server according to W3Tech.

In the tutorial, you will learn how to install and configure Nginx on openSUSE Leap 15 with a free TLS/SSL certificate from Let’s Encrypt.

Prerequisites

  • Recommended OS: openSUSE Leap – 15.x.
  • User account: A user account with sudo or root access.
  • Required Packages: wget

Update Operating System

Update your openSUSE operating system to make sure all existing packages are up to date:

sudo zypper refresh

Once refreshed, run the update command.

sudo zypper update

The tutorial will be using the sudo command and assuming you have sudo status.

To verify sudo status on your account:

sudo whoami

Example output showing sudo status:

[joshua@opensuse ~]$ sudo whoami
root

To set up an existing or new sudo account, visit our tutorial on adding a User to Sudoers on openSUSE.

To use the root account, use the following command with the root password to log in.

su

The tutorial will use the terminal for installation found in  Activities> Show Applications > Terminal.

Example:

How to Install Nginx on openSUSE Leap 15

Install Nginx on openSUSE Leap

To install Nginx in your terminal, use the following command to begin the process.

sudo zypper install nginx

Example output:

How to Install Nginx on openSUSE Leap 15

Type Y, then press the ENTER KEY to proceed with the installation.

Once installed, confirm the installation by checking the Nginx build version.

nginx -v

Example output:

nginx version: nginx/1.19.8

By default, the Nginx service is not enabled or active once installed. To enable Nginx, use the following command.

sudo systemctl enable nginx --now

Now check the service status to confirm Nginx is running without any errors.

systemctl status nginx

Example output:

How to Install Nginx on openSUSE Leap 15

As above, the status should be active (running). At this point, you have installed the Nginx application.

Configure Firewall Rules

By default, the installation does not automatically add firewall rules to the standard port 80 or 443 port when installing Nginx. Before you continue, you should set the following rules, this will depend on what ports you will use, but all options are listed.

Open port 80 or HTTP:

sudo firewall-cmd --permanent --zone=public --add-service=http

Open port 443 or HTTPS:

sudo firewall-cmd --permanent --zone=public --add-service=https

Reload firewall to make changes into effect

sudo firewall-cmd --reload

Configure Nginx

You will need to have the server’s IP address ready for set up. The easiest way to do this is with the following.

Find Server IP Address

You will need to have the server’s IP address prepared for set up. The easiest way to do this is with the following.

curl -4 icanhazip.com

Example output:

XXX.XXX.XXX.XXX IP address

If the commands are not working, you do not have the curl package installed more than likely. Run the following command:

sudo zypper install curl

Set Up Site Source Directory

In the tutorial, you will set up a domain called example.com, but you should replace this with your domain name. The tutorial will create the web directories and configure the site files in the parent directory /srv/www/.

First, create the directory, for example.com, as follows, using the “-p” flag to make any necessary parent directories:

sudo mkdir -p /srv/www/your_domain/html

Second, you will need to assign the owner of the directory. Note, this can be changed to the user = nginx as well.

sudo chown -R $user /srv/www/your_domain/html

Third, assign the directory’s permissions, so the owner reads, writes, and executes the files while granting only read and execute permissions to groups and others. You can input the following command:

sudo chmod -R 755 /srv/www/your_domain

Set up Test HTML page

Fourth, create a test page that you will use to confirm your Nginx server is operational.

sudo nano /srv/www/your_domain/html/index.html

Inside the nano editor and new file you have created. Enter the following.

<html>
 <head>
  <title>Welcome to Testing Your Domain!</title>
 </head>
 <body>
   <h1>Success!  You have correctly follow instructions upto this point, the server block is working!</h1>
 </body>
</html>

Save the file (CTRL+O), then exit (CTRL+X).

Create Nginx Server Block

By default, the Nginx server block, similar to Apache virtual hosts, is dealt with in the /etc/nginx/vhosts.d directory. However, the Nginx installation varies from different versions and distributions utilizing either the conf.d or sites-available/sites-enabled by default. The site’s directories will be used to keep a standard for the tutorial.

First, make the directories needed for sites-available and sites-enabled.

sudo mkdir /etc/nginx/sites-available && sudo mkdir /etc/nginx/sites-enabled

Next, open your nginx.conf file and remove or comment the “include /etc/nginx/vhosts.d/*.conf;”.

sudo nano /etc/nginx/nginx.conf

Then, directly under it add include “/etc/nginx/sites-enabled/*.conf;”.

Example only:

###EDIT HERE###
#  include vhosts.d/*.conf;
    include sites-enabled/*.conf;
}

As above, a “#” comment was added to include conf.d line, and include sites-enabled was added.

Save the file (CTRL+O) and exit (CTRL+X).

Next, create your server block configuration file. The name your_domain.conf will be used for the tutorial, but this can be named anything you prefer.

sudo nano /etc/nginx/sites-available/your_domain.conf

You can paste the following example code into the block. This is just an HTTP-only example for basic testing.

server {
 listen 80;
 listen [::]:80;

 server_name your_domain www.your_domain;

 root /srv/www/your_domain/html;

  index index.html index.htm;

 location / {
  try_files $uri $uri/ =404;
 }
}

The example shows your server is listening for two server names, “your_domain” on port 80.

You will need to change the root directory to the name/location of the root directory you create.

Enabled Nginx Server Block

You must link the configuration files from sites-available to sites-enabled in your Nginx directory to enable Nginx server blocks. This can be done with the ln -s command as follows.

sudo ln -s /etc/nginx/sites-available/your_domain.conf /etc/nginx/sites-enabled/

Final Configuration & Test run

In the final stage, you will need to open your default nginx.conf file.

sudo nano /etc/nginx/nginx.conf

And uncomment the following line.

server_names_hash_bucket_size 64;

The server name’s hash bucket size is changed as sometimes problems arise from adding additional servers.

Next, test your Nginx to ensure it’s working before properly restarting.

sudo nginx -t

The output should be if no errors in the syntax:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If you have the following ok output, restart the Nginx server for the changes to take place.

sudo systemctl restart nginx

Now open your Internet Browser and type in the server domain name. You should see your server block is live.

Example:

How to Install Nginx on openSUSE Leap 15

Secure Nginx with Let’s Encrypt SSL Free Certificate

Ideally, you would want to run your Nginx on HTTPS using an SSL certificate. The best way to do this is to use Let’s Encrypt, a free, automated, and open certificate authority run by the nonprofit Internet Security Research Group (ISRG).

Install the certbot package as follows:

sudo zypper install python3-certbot-nginx

Once installed, run the following command to start the creation of your certificate:

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d www.example.com

This ideal setup includes force HTTPS 301 redirects, a Strict-Transport-Security header, and OCSP Stapling. Just make sure to adjust the e-mail and domain name to your requirements.

Now your URL will be HTTPS://www.example.com instead of HTTP://www.example.com.

If you use the old HTTP URL, it will automatically redirect to HTTPS.

Optionally, you can set a cron job to renew the certificates automatically. Certbot offers a script that does this automatically, and you can first test to make sure everything is working by performing a dry run.

sudo certbot renew --dry-run

If everything is working, open your crontab window using the following terminal command.

sudo crontab -e

Next, specify the time when it should auto-renew. This should be checked daily at a minimum, and if the certificate needs to be renewed, the script will not update the certificate. If you need help finding a good time to set, use the crontab.guru free tool.

00 00 */1 * * /usr/sbin/certbot-auto renew

To save, press the ESCAPE KEY and then type :wq! to save the file. Alternatively, to exit without saving, type :qa!

Managing Nginx Service

Now that you have Nginx running on your server successfully, some management keynotes are as follows.

To stop Nginx webserver:

sudo systemctl stop nginx

To start Nginx webserver:

sudo systemctl start nginx

To restart the Nginx webserver:

sudo systemctl restart nginx

To reload the Nginx webserver (For more minor changes not requiring a restart):

sudo systemctl reload nginx

To disable Nginx on server boot:

sudo systemctl disable nginx

To start Nginx on server boot (Automatically enabled on installation):

sudo systemctl enable nginx

How to Access Nginx Server Logs

Nginx Logs Directory

By default, all NGINX access/error logs, unless you have changed them, are located in the log directory, which the following command can view.

First, navigate to the logs directory and list files:

cd /var/log/nginx && ls -l

You should find the following access and error files:

Access Log:

/var/log/nginx/access.log

Error Log:

/var/log/nginx/error.log

To view logs in real-time in your terminal using the sudo tail -f /location/of/log path command.

Example:

sudo tail -f /var/log/nginx/access.log

Another option is to print the last X amount of lines. For example, X is replaced with 30 to print 30 lines by adding the -n 30 flag.

sudo tail -f /var/log/nginx/access.log -n 30

These are just some examples of reading logs, and grep can also be helpful.

How to Configure Nginx Log Rotate

Nginx automatically installs log rotation and configure it to default which is to rotate daily. You can change these settings by accessing the file as shown below.

sudo nano /etc/logrotate.d/nginx

Next, you will see the same if not similar file structure. You can modify the contents here. Mostly you can change how many logs to keep or go from daily to weekly. This should be left on default unless you have specific log requirement needs for software like fail2ban monitoring or similar.

/var/log/nginx/*.log {
  daily
  missingok
  rotate 14
  compress
  delaycompress
  notifempty
  create 0640 www-data adm
  sharedscripts
  prerotate
  if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
  run-parts /etc/logrotate.d/httpd-prerotate; \
  fi \
  endscript
  postrotate
  invoke-rc.d nginx rotate >/dev/null 2>&1
  endscript
}

The main settings you will probably want to change is the following:

  • Daily – This can be changed to Weekly, Monthly. This shouild be kept at daily, or else going through the log file will be difficult.
  • Rotate 14 – This is how many logs to keep and remove, so at max there is only 14 logs, if you only want to keep 7 days worth of logs change this to 7.

Its recommended not to touch any other settings unless you know what you are doing.

How to Update Nginx

Nginx will be updated by default when a new version hits the repositories. Before upgrading, it’s always advised to back up your Nginx directory or, at the very least, the nginx.conf file. You can do either with the following command.

Back up nginx.conf (Highly Recommended):

sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx-backup.conf

Back up your entire Nginx folder if you prefer:

sudo cp /etc/nginx/ /etc/nginx-bkup

Next, refresh your repository cache.

sudo zypper refresh

If an upgrade is available, run the upgrade.

sudo zypper update

You may be prompted this during an upgrade or installation, but manually doing this beforehand is pretty essential. For large Nginx configurations of multiple sites, backing up to something like Github or Gitlab would be even more beneficial.

How to Remove (Uninstall) Nginx

To remove Nginx if you no longer use it, this can be done using the following command:

sudo zypper remove nginx

This command will also remove any unused dependencies that came with the installation.

Comments and Conclusion

In the tutorial, you have learned to install and set up basic Nginx configuration on your domain on openSUSE Leap 15, along with creating a free SSL certificate using Let’s Encrypt. Overall, Nginx is the most used and popular web application software now, with every month and year surpassing taking more market share from Apache.

Some new contenders are starting to pop up, such as Openlitespeed but given these other web applications, for now, focus on specific things like WordPress. Nginx will be the go-to web application for some time.



Follow LinuxCapable.com!

Like to get automatic updates? Follow us on one of our social media accounts!